Maintaining an up to date secure custom linux distro livecd might not be the smallest task ever.
Livecds are probably the most easily secured right now, but the suggested virtualmachine-route might be a more sustainable one in the future.
Hmm, my mind is playing tricks on me, I thought I saw an elaborate post about lxc (linux containers), didn't think I was looking that much at virtualmachines that I'm starting to see them everywhere.
I love it, but how hard is it, exactly, to make a secure linux distro? I'm assuming it is no simple task, but then again I am not a byte-master either.
Big warning up front I am most certainly not an expert in computer security. One of the primary reasons for me to work with linux is because I don't want to deal with windows security issues, which at the moment is still the largest target (and most insecure by design).
Creating custom linux distros is actually very easy and there are even websites that let you pick options from a list and it will spit out your custom distro. The problem lies in the secure bit. You have to trust whoever is making the distro or the cd-images. Not only do they have to be trustworthy, but also have the ability to guarantee their own security, no easy feat.
Best option short term I think would be to pick one livecd and then publish a set of packages for that livecd that can be loaded onto an usb-stick and installed that way.
Another option would be to publish a virtual-machine image of a secure distro with a shasum, so that people know that at the moment the image is started it's secure. Someone more knowledgeable than me would have to pitch in to say if a virtual-machine can be sufficiently protected from the host-machine it's running on.
In short creating linux distros and livecd-images is easy as pie, guaranteeing security is not easy, but at the very least not as impossible as on MSWindows (closed source and uncountable so-called "features", obligatory government back-doors etc).